This Privacy Statement sets out the data processing practices carried out by Healthwatch Wiltshire.
The data controller for Healthwatch Wiltshire is TCF (The Care Forum) registered with the Information Commissioner's Office (ICO) registration reference: z1259279
Find out more about The Care Forum on their website.
Information we collect
In our role as the local independent champion for people who use health and social care services, we collect and process personal data from the following sources:
- Online web forms or surveys
- Paper surveys/forms
- Providing information and signposting to people who contact us for help with health and social care
- Research projects
- Visits to health and social care providers
- Meetings
- Other means of obtaining views from people about the health and social care services they access.
The type of personal information we collect
We currently collect and process the following information:
- Personal identifiers, contacts and characteristics (for example, name and contact details)
- Health conditions, including details of healthcare; ethnicity; sexual orientation and religion
- Other demographic data, including age and gender and religion or belief or your sexual orientation
- We automatically collect some technical information from devices and web browsers that you use. This might include your IP (internet protocol) address.
We use the information you share with us in line with our main statutory functions. These are inclusive of, but not limited to:
- Obtain people's views about their needs and experience of local health and social care services. Local Healthwatch make these views known to those involved in the commissioning and scrutiny of care services.
- Make reports and make recommendations about how those services could or should be improved.
- Promote and support the involvement of people in the monitoring, commissioning and provision of local health and social care services.
- Provide information and advice to the public about accessing health and social care services and their options.
- Make the views and experiences of people known to Healthwatch England, helping us carry out our champion role.
- Make recommendations to Healthwatch England to advise the Care Quality Commission (CQC) to carry out special reviews or investigations into areas of concern.
We also collect information about your age, ethnicity, gender and health. Depending on the needs of each project, we may collect information about your religion or belief or your sexual orientation.
We’re allowed to collect sensitive information like this because it is connected with the provision of and management of health and social care services.
We collect this data to help us understand whom we are speaking to and to understand how different groups experience health and social care.
This data is retained for up to 2 years after completion of the project.
Personal data received from other sources
On occasion, we will receive information from the families, friends and carers of people who access health and social care services. We might also receive information from health, social care and other professionals. We use this personal data to inform providers and commissioners to help them deliver services that work for everyone.
We will only process your personal data where we have your permission, or there is another lawful basis to do so under current data protection legislation.
Publishing information
We anonymise our data to the best of our ability to ensure that you can't be identified unless you have given permission for us to do so. However, your identifiable details are required to provide the service or meet our legal obligations in certain situations.
Sharing your data with Healthwatch England
We must share information with Healthwatch England to ensure that your views feed into our national work. Healthwatch England uses it to assess the quality of care across the country and influence service provision. By working together, we can ensure that health and social care leaders are aware of people's experiences and can make a difference to the care people receive now and in the future.
Find out more about Healthwatch England’s purpose and what they do.
Healthwatch England will anonymise any information they use for national publications to the best of their ability.
How we share information with other organisations
We only share personal data with other organisations where it is lawful to do so in accordance with our data protection policy. We will share your information to fulfil our remit, which is to pass on your care experiences to help improve them on your behalf and people like you.
We work with Healthwatch England, the CQC, local commissioners for health and social care, Wiltshire Council and NHS England and Improvement to make this happen. We can also engage external suppliers to process personal information on our behalf.
We will only disclose your personal information where there is another excellent reason to make the disclosure – for example, we may disclose information to CQC or a local authority where we think it is necessary to protect a vulnerable person from abuse or harm. We'll only make such a disclosure in accordance with the requirements of the current data protection legislation.
Wherever possible, we will ensure that any information that we share or disclose is wholly or partly anonymised so that you cannot be identified from it.
We sometimes use other organisations to process personal data on our behalf. Where we do this, those companies must follow the same rules and information security requirements as us, outlined in a Data Processing Agreement. They are not allowed to use the data for other purposes.
Healthwatch Wiltshire uses SmartSurvey to store and process survey data, even if this data has been collected via a paper form. Healthwatch Wiltshire stores information relating to feedback on services or signposting to services on Civi CRM hosted by Circle interactive. Technical details of how this information is stored and the data standards under which they operate can be found here
Healthwatch Wiltshire sometimes shares data with Healthwatch Bath & North East Somerset and Healthwatch Swindon as we are in the ‘BSW’ Integrated Care System area. Currently these Healthwatch are all hosted by TCF (The Care Forum) and data is stored and processed under the same strict governance and technical standards. Our consent forms specify how we plan to use the data collected and how it is anonymised.
Information we collect about people who apply to work or volunteer with us
We need to process personal data about our staff (and people applying to work for us) to meet our legal and contractual responsibilities as an employer.
The personal data that we process includes name and contact details and information about racial or ethnic origin, religion, disability, gender and sexuality. We use this information to check that we are promoting and ensuring diversity in our workforce and ensuring that we are complying with equalities legislation.
We'll ask for your explicit consent to share this data with us. Our employees decide whether to share this monitoring data with us. They can choose to withdraw their consent for this at any time. Employees who wish to withdraw their consent for us to process this data can let us know.
Other personal data that we must process includes information on all employment-related matters, qualifications and experience, pay and performance, health and welfare, contact details and bank details. We also process data about monitoring ICT systems to ensure security, including monitoring and keeping logs of web pages visited and screening emails for phishing attacks.
We check that people who work for us are fit and suitable for their roles. This may include asking people to undertake Disclosure and Barring Service (DBS) checks, copies of documents that prove job applicants' right to work in the UK and references.
We will ask people joining Healthwatch Wiltshire to complete a 'declaration of interests' form. This will identify any services with which they have close links (for example, because they have previously worked there or because a close relative runs the service) or any other issues which could cause a perceived conflict of interest. We regularly ask staff asked to update these forms.
We process information directly necessary about employment and safeguarding under our legal obligations, information which is not strictly necessary with the individual's consent.
How long we keep your data for
We retain personal data about employees and volunteers for six years after the duration of their employment with the following exceptions:
- Volunteer files - for 12 months after the volunteer has ceased to be a TCF volunteer
- Staff personal employment files - 6 years to include injuries at work and personal data
- Recruitment files and application forms - 12 months
- Statutory maternity pay records, sickness records - 3 years (i.e. at the end of employment, the previous 3 year’s records will be in the file, assuming they have been employed for at least that period of time)
- Payroll and tax information; financial records - 6 years
- Survey, signposting and feedback data - 2 years after conclusion of project. Paper records up to 6 months.
If you are not successful at getting a job or volunteering with us, we will keep your data for six months after finalising recruitment.
We have a legal obligation to comply with the Freedom of Information Act 2000. This may include the requirement to disclose some information about our employees – especially those in senior or public-facing roles. We also publish some information about our staff, including the names and work contact details of people in some positions.
Information we collect for other purposes
We use personal information about you for the following purposes:
- to send you our newsletter where you have requested it;
- Because you have agreed to be a case study for us
This may include any personal information that you choose to share with us, but we will treat this as confidential and protect it accordingly. We will ask for your consent to collect and use this data.
Signing up for our newsletter
We use Mailchimp to provide our newsletter service. By subscribing to this service, you will agree to them handling your data. You can unsubscribe at any time by following the instructions in the newsletter or by contacting us.
The third-party supplier handles the data purely to provide this service on our behalf. This supplier follows the requirements of data protection legislation in obtaining, handling, and processing your information and will not make your data available to anyone other than Healthwatch.
We will keep your data until you tell us you no longer want to receive our newsletter.
Security
We are strongly committed to data security, and we take reasonable and appropriate steps to protect your personal information from unauthorised access, loss, misuse, alteration or corruption.
Healthwatch Wiltshire use Microsoft 365 to process email and other information submitted by the public. Our websites and signposting and feedback database are hosted by Circle Interactive Bristol (Company number 05540067) who are accredited to the ISO27001 standard, and who have access to carry out maintenance and security updates
Only authorised employees, volunteers and contractors under strict controls will access your personal information.
Retention and disposal of personal data
Please see the bullet point list above which explains how long we keep different types of records and documents, including those containing personal data. Personal data is deleted or securely destroyed at the end of its retention period.
Information about people who use our website
Cookies
A cookie is a string of information that a website stores on a visitor's computer, and that the visitor's browser provides to the website each time the visitor returns. TCF uses cookies to help us identify and track visitors, their usage of our websites, and their website access preferences.
Healthwatch Wiltshire visitors who do not wish to have cookies placed on their computers should set their browsers to refuse cookies before using our website, with the drawback that certain features of these websites may not function properly without the aid of cookies.
See our Cookies policy for more information.
Your rights
Your right to access information about you
If you think we may hold personal data relating to you and want to see it, please email info@healthwatchwiltshire.co.uk
Or write to: Healthwatch Wiltshire, c/o TCF, The Vassal Centre, Fishponds Bristol BS16 2QQ
You have a right to receive a copy of this personal data or to ask us to forward it to a person or organisation of your choice. We will provide the personal data to you in your preferred format wherever possible. We may need to ask you to verify your identity before we proceed.
Correcting or deleting your personal data
If you know that we are holding your personal data and believe that it may be wrong, or if you want it to be deleted or for us to stop using it, you have a right to request that it can be deleted or amended. There may be some occasions when, for legal reasons, we are unable to comply fully with your request.
Please make your objection in writing to Data Protection Officer: info@thecareforum.org.uk
Or send it by post to: FAO: DPO, TCF, The Vassall Centre, Fishponds Bristol BS16 2QQ
Complaints about how we look after or use your information
If you feel that we have not met our responsibilities under data protection legislation, you have a right to request an independent assessment from the Information Commissioner’s Office (ICO). You can find details on their website.